Opened 16 years ago

Closed 16 years ago

Last modified 16 years ago

#11037 closed (duplicate)

Support HTTPOnly cookie for HttpResponse.set_cookie

Reported by: Henrik Vendelbo Owned by: nobody
Component: HTTP handling Version: dev
Severity: Keywords:
Cc: Triage Stage: Design decision needed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Most browsers has some support for HTTPOnly cookies. It provides some protection against XSS attacks.
http://www.owasp.org/index.php/HTTPOnly

I've added another optional parameter to the set_cookie method. I also figured that it should be possible to make the sessionid use the flag.

Attachments (1)

Change History (4)

comment:1 by Matt McClanahan, 16 years ago

Has patch: unset
milestone: 1.1
Triage Stage: UnreviewedDesign decision needed

It's too late for new features in 1.1.

comment:2 by mrts, 16 years ago

Resolution: duplicate
Status: newclosed

Duplicate of #3304. Please search the existing ticket list before submitting new tickets.

comment:3 by Henrik Vendelbo, 16 years ago

I did search for httponly and set_cookie, didn't find anything

Anyway, I added a couple of doctests for HttpResponse that might be useful

Note: See TracTickets for help on using tickets.
Back to Top